The first part of this article reviewed the actions taken by ICANN in response to a March 27th letter from the Intellectual Property Constituency (IPC) alleging that the pricing of Trademark Clearinghouse (TMCH) registered terms by the .Sucks registry were "predatory, exploitative and coercive" and requesting that ICANN halt the registry's rollout. This second part explores additional ramifications of ICANN's decision to request two national regulators to review the legality of the registry's operation.

Jurisdictional Ramifications for Post-Transition ICANN

ICANN's request to the FTC, arguably setting the precedent that all contracted parties are subject not only to having their contracts enforced under US law but to US law enforcement generally, immensely complicates the debate on ICANN's future jurisdictional ties that is now taking place within the transition and accountability working groups. That debate centers on whether the Affirmation of Commitments (AOC) that ICANN entered into with the U.S. in September 2009 should be incorporated within its Bylaws, including its commitment in Section 8(b) that ICANN shall "remain a not for profit corporation, headquartered in the United States of America with offices around the world to meet the needs of a global community". Some members of the WGs want the matter of ICANN's legal jurisdiction left out of the Bylaws and open for future consideration, while others believe that enshrining this commitment within the Bylaws is not just advisable but may be essential to obtaining Congressional acquiescence to the transition and accountability package developed by the community.

In his February 25th written testimony submitted to the Senate Commerce Committee, CEO Chehade addressed this issue, stating:

I expect that our relationship with the U.S. Government will remain strong even when the IANA Functions Contract comes to an end… ICANN has its global headquarters in the United States, and there are no plans for that to change… the accountability group is already working on this exact idea of incorporating the Affirmation of Commitments into the Bylaws, including requirements for higher voting thresholds in the event of future attempts to modify these obligations. (Emphasis added)

CEO Chehade's oral testimony before the Committee added greater strength to these commitments:

Already, governments cannot be on our board. Governments can only give advice that we will strengthen this further, as you suggested in your letter.

Another concrete idea you gave us in your letter is to make sure our affirmation of commitments to the world are enshrined in our bylaws. We are very actively looking at doing that right now, and I believe this is a good idea and I hope our stakeholders will agree with me. These affirmation of commitments, by the way, are very clear that the jurisdiction of ICANN shall remain in the United States of America, and we stand by these. (Emphasis added)

There is some substantial disconnect between the desirable goal of preventing ICANN from being a multilateral or government-dominated organization and the unprecedented action of ICANN requesting select governments to opine on the legality of actions being undertaken by contracted parties. As noted, since Vox Populi's jurisdictional tie to the U.S. is presumably grounded in the fact that it has entered into a contract with ICANN, this request apparently establishes a precedent that every contracted party, registry and registrar, is subject to U.S. law enforcement regardless of where it is domiciled or conducts its activities. This is not going to make resolution of the jurisdictional question easier for the WGs now grappling with it.

Civil or Criminal Illegality

There's also the question of why ICANN limited its inquiry to two consumer protection regulators. The IPC letter alleged that business rights holders were being coerced to pay exorbitant sums for .Sucks domains matching their Trademark Clearinghouse (TMCH) registrations, with consumer protection being a potential secondary concern if such websites were obtained for trademark infringement and therefore consumer deception purposes. If Vox Populi's business scheme is indeed extortionate, as some have alleged, then that could be a criminal law violation. So why, for example, wasn't the opinion of the US Department of Justice solicited as well?

Extrapolating even further, although the author is skeptical that Vox Populi is engaged in any criminal conduct, that still leaves the question of whether, should any criminal law violation be alleged, could the registrars that have contracted to distribute .Sucks domains be indicted and charged as co-conspirators under laws such as the US Racketeering Influenced and Corrupt Organization Act (RICO) statute, for which extortion is one of the leading predicate crimes that can be the basis of charging criminal conspiracy? As some registrars are marking up the retail price of .Sucks Premium registration to the point of making the same profit as the registry itself, if there is any element of "extortion" it would seem to be a shared activity.

Indeed, could ICANN be charged as well in a criminal law context, both for approving the registry operator with knowledge of its business plan — as well as for special provisions it placed in the registry agreement that allow it to share in the revenues of .Sucks to the tune of an additional $1 million over standard gTLD contracts? Only two acts of extortion within a 10-year period are required for such RICO prosecution, which could be satisfied by two extortionate domain registrations.

However, at least within the US, our courts are prohibited by the Constitution from providing advisory opinions and may only rule on actual cases and controversies. As for regulatory agencies, it remains to be seen what if any responsive guidance may be provided by the FTC prior to May 29th. But there is simply no way that the FTC can declare that it has determined that Vox Populi's actions are illegal by that date. Such a determination would have to be preceded by a lengthy staff investigation, a subsequent vote of the FTC Commissioners to initiate a lawsuit, and a determination by a federal court that Vox Polpuli was engaging in a violation of civil or criminal law. That's a process that takes years, not less than two months.

So the FTC will not be in a position to conclusively determine whether .Sucks pricing is illegal before its domains are available for sale to the general public throughout the world. Which raises the question of why ICANN didn't start looking into the legality of this business plan long before this week, especially after receipt of similar complaints from Senator Jay Rockefeller in March 2014?

Applicant Review Questions

While the initial portion of this article dissects last week's unprecedented ICANN actions, some related and residual questions remain.

The first group is related troubled past financial history of some Momentous affiliates with ICANN, and whether it was properly vetted as an applicant. They include:

How did Vox Populi pass the background screening provisions of Sec. 1.2.1 of the Applicant Guidebook (AG), which includes "general business diligence", given that it was associated with non-payment of substantial amounts of past due registrar fees? That Section of the AG also states that "Background screening is in place to protect the public interest in the allocation of critical Internet resources, and ICANN reserves the right to deny an otherwise qualified application based on any information identified during the background screening process… ICANN may also contact the applicant with additional questions based on information obtained in the background screening process." How did ICANN weigh the "public interest" in this instance, and did ICANN submit any additional questions to this applicant given its prior financial history?

In a related question, how did Vox Populi pass the initial evaluation in sec. 2.2 of the AG, which asks "Whether the applicant has the requisite technical, operational, and financial capability to operate a registry"; and was it subjected to Financial Extended Evaluation under Sec. 2.3.2?

Finally, how is it that Momentous had $3 million to bid and win a private auction for .Sucks in November 2014 but was allowed to launch the registry without satisfying its substantial past due registrar debts to ICANN?

This is but a subset of unresolved questions about the rigor with which ICANN evaluated new gTLD applicants. Some that were alleged to have records of trademark infringement that arguably should have triggered rejection under AG provisions have nonetheless gone on to become major portfolio gTLD operators. While ICANN will not reveal the specifics of any applicant's evaluation, it would at least be worthwhile prior to the next gTLD round to have it release data in aggregated and anonymized fashion regarding what number and percentage of applicants were rejected and for what reasons.

Questions Implicating the IANA Transition

The second group of questions is probably more important, because they relate to the potential impact of this situation on the ongoing IANA functions transition and enhanced ICANN accountability that its community is now engaged in to the point of sleep-deprived exhaustion — and which is presently frozen through September 30th by a Congressional appropriations edict.

When NTIA announced its intention to transition its stewardship in March 2014, one key justification was that "as ICANN has performed the IANA functions over the years, it has matured as an organization and has taken important steps to improve its accountability and transparency as well as its technical competence". Will the .Sucks controversy erode the perception of maturity, accountability and transparency and encourage a Republican-controlled Congress to further question this Obama Administration policy decision? Certainly, headlines in the Washington Post like "The group that created '.sucks' now wants government to keep it from spinning out of control" and CBS News' "New ".sucks" domain lives up the name" won't be helpful.

Just as importantly, ever since the Administration announced its plan for the IANA transition the ICANN community and official Washington have focused their spotlight on it, with the new gTLD program relegated mostly to the shadows backstage. With .Sucks now in the media's crosshairs attention may shift back to the new gTLD program, warts and all. In addition to the widespread practice of TMCH term pricing far above "cost recovery" levels, other questionable registry practices have surfaced. Meantime, total new gTLD registrations are substantially below expectations — so much so that ICANN had to slash its budget by millions of dollars because of the shortfall from its own projections. It's even possible, given free first year registrations at some registries and the failure of a robust secondary market for new gTLD domains to develop, that later this year total new gTLD registrations may start to decline due to non-renewals on first year registration anniversaries — ICANN itself is projecting renewal rates as low as 50% — giving the impression that it is in at least short-term free fall.

It's premature to judge the program's long term performance, but we live in the age of the 24-hour news cycle. Companies like Google, which bid $25 million to win the ICANN last resort auction for .App, may well spend the marketing dollars to condition consumers to think more about "the right of the dot". But at the same time some registries are trying to boost market share by slashing initial year domain pricing to 99 cents, and such low cost domains are being utilized for "hundreds of gibberish, bulk-registered domains...being used to serve ads by potentially unwanted software". (In this regard, the author has recently noted a deluge of spam emails from new gTLD addresses hitting his own account.)

If the new gTLD program has flooded the marketplace with far more new gTLDs than the market has so far demonstrated demand for we may well witness the future deflation of a new gTLD asset bubble where those who eventually make a profit will be those who pick up insolvent gTLD registry assets after initial investors bail or bust out. As ICANN cannot unreasonably withhold approval of sales of registries, it remains to be seen what vetting of acquirers may occur if this occurs. Meantime, the marketing of new gTLDs faces additional hurdles due to substantial technical issues lumped together under the "Universal Acceptance" label.

The Universal Acceptance Challenge

"Universal acceptance" (UA) has become an urgent top priority for new gTLD adherents as well as those concerned about the performance of new domains for consumers and businesses. Simply put, many new gTLD addresses don't resolve in web browsers or work with email systems. This is exactly the type of technical issue that is supposed to be ICANN's core competence, so why is it only now being grappled with given the many years of planning in the run-up to new gTLDs becoming available?

This is hardly a new issue. According to the CTO for Afilias, the challenge was first identified by ICANN's Security and Stability Advisory Committee (SSAC) in 2003, with multiple recommendations made to address it. Yet, he observes,"That was over a decade ago! It's somewhat astonishing that these recommendations are as valid today as they were then, and that readiness is still not measurable… The need for a coordinated response and clearly visible results to the universal acceptance challenge has never been greater; not doing so could deal a devastating blow to the utility, relevance and legitimacy of all new top level domains." (Emphasis added)

In other words, ICANN has known of this problem's existence for a dozen years and did nothing to effectively address it even as it was planning to flood the DNS with hundreds of new top level extensions that would severely exacerbate the problem. This is a failure of foresight far greater than getting out front of the .Sucks controversy.

A session on UA was held on February 9th at the ICANN 52 Singapore meeting and the dialogue was sobering. A new Universal Acceptance Steering Group (UASG) was formed to address it after statements like these were made:

"The basic problem is that these new types of domains and email addresses just break stuff," Google's Brent London said during a UASG meeting at the ICANN meeting in Singapore last week.

"You try to use an internationalized domain or a long new gTLD, or even a short new gTLD, or certainly an internationalized email address and you're likely to run into problems," he said. "What we're doing is going around asking developers to make their products work."

... UASG members think the problem is large-scale and that it's a long-term project — 10 years or more — to fix it satisfactorily. (Emphasis added)

The scope and scale of this problem is vast. Hundreds of millions of endpoints rely on millions of networks operated by hundreds of thousands of organizations using software from tens of thousands of vendors. This entire infrastructure will break unpredictably if software throughout the Internet is not updated to work with the almost 1,400 new domains now slated to be rolled out. And, assuming it can even be done, once all this software is updated and tested, potentially billions of copies may need to be deployed and installed on devices and infrastructure to get these new domains to work as reliably as those now in wide circulation — like .com, .mil, and .fr.

So, more than a dozen years after ICANN's security and stability experts identified the need to address this problem it remains largely unaddressed even though during the intervening years ICANN was planning a massive expansion of the domain space that would severely exacerbate it. And it may take another decade to ensure that all the relevant software, browsers, forms, apps, email and other systems are compliant and can handle all delegated new TLDs. This is a massive failure in what is supposed to be ICANN's core competency.

If new gTLDs are being marketed to businesses and consumers that "break stuff" and that don't work properly, that means that businesses and consumers are being urged to purchase goods that may fail to serve their intended purpose. That is exactly the type of defective product case that, unlike ICANN's unprecedented .Sucks request, is right up the FTC's alley.

Lessons for the Next Round

If the FTC and OCA fail to respond to ICANN, or inform it that they find no outright illegality, and if ICANN fails to find measures on its own that can curb business practices that trademark owners think suck, what are the implications for the next round of new gTLDs?

ICANN is now preparing for the launch of brand-friendly gTLD, dot .BLOWS, which will be costing only $9.99 to the end-users and brand owners alike.

There will be no Sunrise period, and anyone willing to register a trademark with a ".BLOWS" suffix will be permitted to do so.

"We are making consumer advocacy and brand protection affordable, there is no question about that," said Fadi Chehadé, adding: "For less than $10 I will definitely get ICANN.BLOWS before some cybersquatter grabs it!"

Seriously, if the .Sucks business plan proceeds unimpeded then why wouldn't Momentous and other applicants pursue .blows, .liar, .sexist, .criminal, .racist, and similar gTLDs in the next gTLD round?

In order to avoid that likelihood, substantial changes would need to be made for the next round. This is an area in which the GAC could intervene with consensus advice. The Section 7.6 Special Amendment suggested in this article would have the effect of curbing excessive profiteering on TMCH terms. ICANN might also establish a policy that strings identified as pejorative could only be operated on a non-profit basis. It's not too early to start considering a long-term response on an issue that may only grow in scope.

Concluding Thoughts

ICANN's decision to take the unprecedented step of asking two national consumer protection regulators to determine whether a new gTLD it had authorized was engaged in illegal activities raises extremely serious and multifaceted questions about ICANN's future relationship with governments, as well as applicable jurisdictions for ICANN and its contracted parties, at a time when these very issues are at the forefront of the transition and accountability discussion. The repercussions may be extensive and serious.

They also raise the question, again, of why ICANN's Board, management and overall community do not display more proactive foresight to avoid situations that result in ad hoc reactions of this type.

The .Sucks controversy also places the subpar performance, the technical shortcomings, and some questionable practices associated with the new gTLD program back on center stage. This will not likely bolster the perception of ICANN or of the proposed transition within an already skeptical U.S. Congress. It also may affect rules for any subsequent round of the new gTLD program — including the pricing of terms registered in the TMCH, and whether any pejorative string should be awarded to a for-profit entity.

Overall, whether the full fallout from this situation truly sucks for ICANN will depend on whether ICANN takes steps beyond those it initiated this week. It is extremely unlikely that the FTC can or will express any opinion on the legality of the .Sucks business model, much less do so in the abbreviated timeframe before the registry is opened to general availability.

Defining the public interest in the DNS as being circumscribed solely by law and regulations, rather than broader ethical concerns, also raises troubling questions. Ultimately this controversy is unlikely to be resolved unless ICANN's Board and management step up to the plate and take on broader responsibility.

It may suck for ICANN, but the .Sucks situation is turning into a major accountability stress test.

By Philip S. Corwin, Founding Principal of Virtualaw LLC, a Washington, DC Law and Public Policy Firm – He also serves as Of Counsel to the IP-centric law firm of Greenberg & Lieberman. Views expressed in this article are solely his own. Visit Page

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet